PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-01-11 00:49:02 +00:00
Code Issues Projects Releases Wiki Activity

Make PortList::mapPort return void.

Browse Source 
Contrary to the doc comment, this function could never return false but
only cause a fatal error.

Resolves these Parfait reports
(http://seclists.org/nmap-dev/2012/q4/412).

Error: Null pointer dereference (CWE 476)
    Read from null pointer 'port'
         at line 344 of components/nmap/build/amd64/portlist.cc in function 'PortList::setServiceProbeResults(unsigned short, int, serviceprobestate, char const*, service_tunnel_type, char const*, char const*, char const*, char const*, char const*, char const*, std::vector<char const*, std::allocator<char const*> > const*, char const*)'.
           Function 'PortList::createPort(unsigned short, unsigned char)' may return constant 'NULL' at line 671, called at line 343.
           Null pointer introduced at line 671 in function 'PortList::createPort(unsigned short, unsigned char)'.
Error: Null pointer dereference (CWE 476)
    Write to null pointer 'current'
         at line 520 of components/nmap/build/amd64/portlist.cc in function 'PortList::setPortState(unsigned short, unsigned char, int)'.
           Function 'PortList::createPort(unsigned short, unsigned char)' may return constant 'NULL' at line 671, called at line 518.
           Null pointer introduced at line 671 in function 'PortList::createPort(unsigned short, unsigned char)'.
Error: Null pointer dereference (CWE 476)
    Write to null pointer 'answer'
         at line 880 of components/nmap/build/amd64/portlist.cc in function 'PortList::setStateReason(unsigned short, unsigned char, unsigned short, unsigned char, sockaddr_storage const*)'.
           Function 'PortList::createPort(unsigned short, unsigned char)' may return constant 'NULL' at line 671, called at line 877.
           Null pointer introduced at line 671 in function 'PortList::createPort(unsigned short, unsigned char)'.
         at line 885 of components/nmap/build/amd64/portlist.cc in function 'PortList::setStateReason(unsigned short, unsigned char, unsigned short, unsigned char, sockaddr_storage const*)'.
           Function 'PortList::createPort(unsigned short, unsigned char)' may return constant 'NULL' at line 671, called at line 877.
           Null pointer introduced at line 671 in function 'PortList::createPort(unsigned short, unsigned char)'.
This commit is contained in:
david
2012-12-22 06:02:34 +00:00
parent 4519c2ec74
commit c8b9bf8107
2 changed files with 6 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
portlist.cc
View File

@@ -628,8 +628,8 @@ Port *PortList::nextPort(const Port *cur, Port *next,
}
/* Convert portno and protocol into the internal indices used to index
port_list. Returns false on error, true otherwise. */
bool PortList::mapPort(u16 *portno, u8 *protocol) const {
port_list. */
void PortList::mapPort(u16 *portno, u8 *protocol) const {
int mapped_portno, mapped_protocol;
mapped_protocol = INPROTO2PORTLISTPROTO(*protocol);
@@ -637,7 +637,6 @@ bool PortList::mapPort(u16 *portno, u8 *protocol) const {
if (*protocol == IPPROTO_IP)
assert(*portno < 256);
if(port_map[mapped_protocol]==NULL || port_list[mapped_protocol]==NULL) {
assert(0);
fatal("%s(%i,%i): you're trying to access uninitialized protocol", __func__, *portno, *protocol);
}
mapped_portno = port_map[mapped_protocol][*portno];
@@ -647,14 +646,10 @@ bool PortList::mapPort(u16 *portno, u8 *protocol) const {
*portno = mapped_portno;
*protocol = mapped_protocol;
return true;
}
const Port *PortList::lookupPort(u16 portno, u8 protocol) const {
if (!mapPort(&portno, &protocol))
return NULL;
mapPort(&portno, &protocol);
return port_list[protocol][portno];
}
@@ -666,8 +661,7 @@ Port *PortList::createPort(u16 portno, u8 protocol) {
mapped_portno = portno;
mapped_protocol = protocol;
if (!mapPort(&mapped_portno, &mapped_protocol))
return NULL;
mapPort(&mapped_portno, &mapped_protocol);
p = port_list[mapped_protocol][mapped_portno];
if (p == NULL) {
@@ -687,8 +681,7 @@ int PortList::forgetPort(u16 portno, u8 protocol) {
log_write(LOG_PLAIN, "Removed %d\n", portno);
if (!mapPort(&portno, &protocol))
return -1;
mapPort(&portno, &protocol);
answer = port_list[protocol][portno];
if (answer == NULL)

2
portlist.h
View File

@@ -289,7 +289,7 @@ class PortList {
bool hasOpenPorts() const;
private:
bool mapPort(u16 *portno, u8 *protocol) const;
void mapPort(u16 *portno, u8 *protocol) const;
/* Get Port structure from PortList structure.*/
const Port *lookupPort(u16 portno, u8 protocol) const;
Port *createPort(u16 portno, u8 protocol);